Ankesh
New Contributor

Biometric system authentication issue

Hi team, recently I have configured FSSO in firewall with DC. Users can authenticate but biometric can’t. Can you pls help me.
xsilver_FTNT
Staff

Hi,

I'm sorry but 'biometric' is ... ??

- your user name
- your workstation name
- you are member of the group with this name
- second factor in authentication, via some device

 

It is good if the question is simple, but it still needs to have enough info, so others can provide a more or less simple answer.

 

In general, if it is any sort of second factor authentication, like FortiToken, then it usually needs to be active authentication on FortiGate.

However if that biometric second factor is supposed to be handled by Microsoft's AD, then your logon with such feature is most probably handled completely by AD and one of respective Domain Controllers. And then such logon can be seen by FSSO and reported to FortiGate. In this case biometric does not play any role from FortiGate's perspective, as we should get info about logged on user when he succeeds against DC. Logon on DC is completely out of our scope. If logon is OK but there is no FSSO user on FortiGate, then most often such user does not belong to AD user groups monitored by FSSO.

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Ankesh

Hi dear, thanks for reply.

- Biometric is an attendance system (make: ESSL).
- Which is connected with LAN.
- Using port no 80 to communicate with HRM database (Amazon cloud).
Alivo__FTNT

Hello dear

How is that ESSL integrated with AD?

User touches it and then? 

What does the system send and to where.

Best Regards,

Alivo


Ankesh

ESSL is a biometric attendance system which is connected with LAN & DHCP server given IP to access internet (catch users fingerprint data & send to HRM application on amazon cloud). No integration of biometric system with AD. Don’t know how to integrate with AD. Without FSSO it’s working fine. Users can get access internet with their user name & password on desktop. But how biometric system can access internet without username password?
ShawnZA

Add a new rule above the authentication rules, specifying the Biometric Server IP that needs to talk out and don't add users/groups to that rule. Now the bio server should have internet access without needing to go through authentication.
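
The rule described in the reply above, sketched in FortiOS CLI as an added example (not posted by anyone in this thread). The device IP, interface names and policy IDs are constructed placeholders; the service is limited to HTTP because the thread says the device uses port 80, and the policy carries no users or groups so FSSO is never consulted for it.

```fortios
# Constructed values: 192.0.2.10, "lan", "wan1", policy IDs 100 and 1.
# Replace them with the values from your own configuration.

# Address object for the biometric device. The thread says the device
# gets its IP from DHCP, so the address must be kept fixed (for example
# with a DHCP reservation) or the exemption will stop matching.
config firewall address
    edit "essl-biometric"
        set subnet 192.0.2.10 255.255.255.255
    next
end

config firewall policy
    edit 100
        set name "essl-no-auth"
        set srcintf "lan"
        set dstintf "wan1"
        # Only the device is exempt, not the whole LAN.
        set srcaddr "essl-biometric"
        # "all" is used because the HRM endpoint address is not given in
        # the thread; a specific address or FQDN object is tighter.
        set dstaddr "all"
        set action accept
        set schedule "always"
        # Port 80 only, matching what the device is said to use.
        set service "HTTP"
        set nat enable
        # No "set groups" / "set users" here: the policy needs no identity.
    next
    # Policies are evaluated top down, so the exemption has to sit above
    # the first identity-based policy (assumed here to be ID 1).
    move 100 before 1
end
```

If the device still has no access, check which policy ID its sessions are actually matching and whether the source IP in those sessions is the one in the address object.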

Ankesh
New Contributor

Hi dear, thanks for help, but still same issue after applying rules.